mparticle

SUSPICIOUS: The skill is internally coherent for a Membrane-based mParticle integration, and the install path uses an official npm package rather than a shady binary. The main risk is data-flow integrity: API calls and credential handling are mediated by Membrane infrastructure, not direct mParticle endpoints, plus the examples use unpinned CLI execution. This looks like a legitimate integration wrapper with medium trust and privacy risk, not confirmed malware.